Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | remove rubyforge.org that was shut down [ci skip] | Gaurav Sharma | 2014-06-06 | 1 | -1/+1 | |
| | ||||||
* | Replace first person point of view on guides. | Hendy Tanata | 2014-05-16 | 1 | -7/+7 | |
| | | | | [skip ci] | |||||
* | [ci skip] Security guide clarity. | Kyle Heironimus | 2014-05-01 | 1 | -2/+2 | |
| | ||||||
* | Remove statement assuming coffee shop/public space wifi is inherently insecure | Nick Quaranto | 2014-04-19 | 1 | -1/+1 | |
| | ||||||
* | Include default rails protect_from_forgery with: :exception | PaulL1 | 2014-04-17 | 1 | -4/+4 | |
| | | | | | | Extend previous changes, include the default line from the application controller that new rails applications are created with: protect_from_forgery with: :exception Minor wording changes to align. | |||||
* | CSRF protection should rescue exception not extend | PaulL1 | 2014-04-17 | 1 | -3/+2 | |
| | | | | | I think the changes to the default behaviour mean that rails will throw an exception when an invalid authenticity token is found. The previous proposed code of calling super then sign_out meant that sign_out was never reached - the exception handler never returned. I think the best approach now is to catch the exception, although I'm not 100% certain on that. | |||||
* | [ci skip] Use plain underscore instead of "\_". | Juanito Fatas | 2014-04-13 | 1 | -2/+2 | |
| | ||||||
* | W3C CSP document moved to gihub.io URL [ci skip] | Andy Callaghan | 2014-04-05 | 1 | -1/+1 | |
| | | | The old link https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html is now being soft redirected to this new URL | |||||
* | [ci skip] use secrets.secret_key_base instead of config.secret_key_base | Kuldeep Aggarwal | 2014-03-01 | 1 | -3/+10 | |
| | | | | use secrets.yml instead of secret_token.rb | |||||
* | Add verb to sanitization note | Dave Jachimiak | 2014-02-14 | 1 | -1/+1 | |
| | ||||||
* | Log which keys were set to nil in deep_munge | Lukasz Sarnacki | 2014-01-28 | 1 | -0/+43 | |
| | | | | | | | | deep_munge solves CVE-2013-0155 security vulnerability, but its behaviour is definately confuisng. This commit adds logging to deep_munge. It logs keys for which values were set to nil. Also mentions in guides were added. | |||||
* | clean up security guide: his => their [ci skip] | Rex Feng | 2014-01-16 | 1 | -1/+1 | |
| | ||||||
* | [ci skip] Added alias to CSRF | Uday Kadaboina | 2014-01-14 | 1 | -2/+2 | |
| | ||||||
* | CSRF protection from cross-origin <script> tags | Jeremy Kemper | 2013-12-17 | 1 | -3/+5 | |
| | | | | Thanks to @homakov for sounding the alarm about JSONP-style data leaking | |||||
* | [ci skip] Removing some gender sensitive object pronouns | Tejas Dinkar | 2013-12-02 | 1 | -6/+6 | |
| | ||||||
* | Use genderless pronouns in security guide. [ci skip] | Vipul A M | 2013-12-02 | 1 | -18/+18 | |
| | | | | related #49ff20d9b164693ed7fee880b69cc14b141678b3 | |||||
* | Update security.md | Adam | 2013-11-08 | 1 | -1/+1 | |
| | | | | | | Hi Guys I was reading through this guide last night and noticed a small mistake, would be great if you could update it. I changed the word 'building' to 'build' in line 20. "Web application frameworks are made to help developers building web applications" | |||||
* | incorrect url | Sergio | 2013-09-16 | 1 | -1/+1 | |
| | | | incorrect url | |||||
* | incorrect urls | Sergio | 2013-09-16 | 1 | -2/+2 | |
| | | | I've found two incorrects urls for adding ':' at the end of the url | |||||
* | surplus : in attachment_fu plugin | Sergio | 2013-09-15 | 1 | -1/+1 | |
| | | | surplus ':' character in url | |||||
* | Improves a sentence in guides/security | Hannes Fostie | 2013-09-09 | 1 | -1/+1 | |
| | | | | Changed "... books make this wrong" to "... books get this wrong" | |||||
* | cleans the guides sources from fancy non-ASCII stuff | Xavier Noria | 2013-08-23 | 1 | -22/+22 | |
| | ||||||
* | remove language about configuring digest method [ci skip] | Justin George | 2013-07-31 | 1 | -1/+1 | |
| | ||||||
* | update guide to reflect default HMAC SHA1 in MessageVerifier used in ↵ | Justin George | 2013-07-30 | 1 | -1/+1 | |
| | | | | SignedCookieStore [ci skip] | |||||
* | Remove double spaces in guides | Sunny Ripert | 2013-05-28 | 1 | -2/+2 | |
| | ||||||
* | Simple grammar updates | Jonathan Roes | 2013-05-03 | 1 | -2/+2 | |
| | ||||||
* | Fix typo "can exploited" with "can be exploited" | Leo Gallucci | 2013-05-01 | 1 | -1/+1 | |
| | ||||||
* | Ruby On Rails -> Ruby on Rails [ci skip] | Xavier Noria | 2013-04-16 | 1 | -1/+1 | |
| | ||||||
* | ReCAPTCHA plug-in link now points to Github repo. Plug-in is no longer ↵ | sthollmann | 2013-03-27 | 1 | -1/+1 | |
| | | | | available at the previous location | |||||
* | Remove mass-assignment line from guide summary | Andrew Wilcox | 2013-01-25 | 1 | -1/+0 | |
| | ||||||
* | PUT => PATCH or PUT | Akira Matsuda | 2013-01-02 | 1 | -1/+1 | |
| | ||||||
* | Updated security guide to reference secret_key_base instead of secret_token, ↵ | Gary S. Weaver | 2012-12-21 | 1 | -3/+3 | |
| | | | | with a little information about the change from CookieStore to EncryptedCookieStore. | |||||
* | Updated security guide with information about secret_token.rb and to suggest ↵ | Gary S. Weaver | 2012-12-21 | 1 | -7/+11 | |
| | | | | securing sensitive files like database.yml and secret_token.rb | |||||
* | remove Mass Assignment reference from Security Guide [ci skip] | Francesco Rodriguez | 2012-12-10 | 1 | -1/+0 | |
| | ||||||
* | Security Guide: removing Mass Assignment. | Steve Klabnik | 2012-12-08 | 1 | -135/+0 | |
| | | | | | | Since mass assignment doesn't exist anymore, we don't need to discuss it. I checked with @fxn last night before making this change. | |||||
* | update guides to use _action callbacks [ci skip] | Francesco Rodriguez | 2012-12-07 | 1 | -1/+1 | |
| | ||||||
* | Normalize on 'After reading this guide, you will know:' | Steve Klabnik | 2012-11-29 | 1 | -1/+3 | |
| | | | | | We have three or four different introduction sentences to the guides. After this commit, we use the same one everywhere. | |||||
* | Add periods to the bullet points in guides. | Steve Klabnik | 2012-11-29 | 1 | -7/+7 | |
| | | | | Talked with @fxn about this. Bullet points should have periods at the ends. | |||||
* | use em-dashes instead of two minuses in guides | burningTyger | 2012-11-10 | 1 | -2/+2 | |
| | ||||||
* | migrating guides to new hash syntax | AvnerCohen | 2012-10-10 | 1 | -13/+13 | |
| | ||||||
* | Make strong_parameters example simpler | Guillermo Iguaran | 2012-09-30 | 1 | -4/+5 | |
| | ||||||
* | update Security guide to reflect mass assignment protection with ↵ | Francesco Rodriguez | 2012-09-24 | 1 | -58/+79 | |
| | | | | StrongParameters [ci skip] | |||||
* | Fix the usage of `*` in Markdown | Prem Sichanugrist | 2012-09-17 | 1 | -7/+7 | |
| | | | | | In Textile `*` would convert to `<strong>`, but in Markdown we have to use `**` instead. | |||||
* | Fix remaining formatting problems in the guide | Prem Sichanugrist | 2012-09-17 | 1 | -78/+79 | |
| | ||||||
* | Convert image tags to Markdown syntax | Prem Sichanugrist | 2012-09-17 | 1 | -2/+2 | |
| | ||||||
* | Convert all the links into Markdown format | Prem Sichanugrist | 2012-09-17 | 1 | -31/+31 | |
| | ||||||
* | Convert all inline codes to Markdown syntax | Prem Sichanugrist | 2012-09-17 | 1 | -28/+28 | |
| | ||||||
* | Convert inline code tags to Markdown | Prem Sichanugrist | 2012-09-17 | 1 | -4/+4 | |
| | ||||||
* | Convert heading tags and heading section | Prem Sichanugrist | 2012-09-17 | 1 | -61/+72 | |
| | ||||||
* | Convert code blocks into GFM style | Prem Sichanugrist | 2012-09-17 | 1 | -147/+147 | |
| |